Intune – You can now define a configuration profile to lock down firmware settings

Microsoft Intune now allows you to create a device configuration profile to manage and lock down firmware settings.

This profile applies to UEFI Windows 10 devices, letting you enabling/disabling virtualization, built-in hardware (camera, micro and speakers, boot options…)

To start using, logon to your Azure portal ( and reach out the Intune\Device Configuration\Profiles  or Device Management portal ( and reach out the Device\Configuration profiles blade

image_thumb[1]  image_thumb

Then create a new device configuration profile by selecting Windows 10 and later as platform and Device Firmware Configuration Interface as profile type


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies